Bridging the Gap or: How I Learned to Stop Worrying, and Love the Developers

Eric Mikulas

The relationship between security professionals and developers often seems adversarial. In this presentation I will be discussing the problems, workflows and end goals from the developer's and the security professional's viewpoints. I will discuss in depth the pressures and business needs that often drive development cycles. We'll also be talking about the mindset of the successful developers you can easily win over, how to do it, and how to expand this to all development teams. We security professionals are also not without fault. Our approach of tracking issues and throwing tools at the problem just isn't working. I'll be talking about my experiences within different organizations, and how minor adjustments can gain wider acceptance and appreciation for security teams within the organization. It is hoped that by spreading an understanding of what drives a developer's mindset, as well as the development process, we as security professionals can help them and ourselves. In outlining the problem, as well as filling in the gaps for those who lack development experience, we can bring security and development onto one team.

Eric Mikulas is a reformed developer with over 15 years of professional software development experience crossing various industries. Being raised by an Electrical Engineer, and learning to solder and read schematics before being able to write in cursive, he was raised by technology and never thought twice about seeing what was behind the curtain. After being promised cookies, he made the jump to the dark side, that is, security, by becoming a Subject Matter Expert for development teams who lacked the understanding to address security concerns. He is presently a Penetration Tester. Eric is still waiting for the cookies.